에듀테크 기업 Instructure, 사이버 사고 공개·영향 조사
Source: Bleeping Computer
Instructure discloses cybersecurity incident
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact.
The U.S.-based education technology company is best known for developing Canvas, a learning management system that helps schools, universities, and organizations manage coursework, assignments, and online learning.
“Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts,” reads a statement from Steve Proud, Chief Security Officer.
”We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process.”
Instructure says it will provide new information regarding its investigation as it becomes available.
Since May 1, some services—including Canvas Data 2 and Canvas Beta—have been under maintenance, with customers warned they may experience issues with tools that rely on API keys. The company has not stated whether this maintenance is related to the security incident.
BleepingComputer contacted Instructure earlier today with questions about the incident but has not received a response.
BleepingComputer previously published and retracted an earlier report about this incident after determining it was based on incorrect information from a prior disclosure.
Targeting education technology firms
Threat actors have increasingly targeted education technology firms due to the large amounts of personal information they hold on students and teachers.
- In January 2025, educational software provider PowerSchool disclosed a breach in which a threat actor claimed to have stolen data belonging to 62 million students.
- In September 2025, Instructure disclosed a separate breach resulting from a social‑engineering attack that allowed attackers to access data in its Salesforce instance. At the time, a threat actor known as ShinyHunters claimed responsibility for the incident and listed the company on a data‑leak site.
- Threat actors have also targeted Infinite Campus in similar campaigns, with claims of data theft from the company’s Salesforce environment.